[Swan] Clashing private IP addresses

Paul Wouters paul at nohats.ca
Wed Jun 7 22:08:29 UTC 2017


On Wed, 7 Jun 2017, Eric Curtin wrote:

> I need to connect to multiple clients behind multiple routers from a
> centos/rhel 6 machine. There are clashing 192.168.0.100, 192.168.0.101
> addresses... How can I solve this so that I can connect to multiple
> 192.168.0.100's? I cannot alter the remote private IP addresses.
>
> Just wondering, what are my options in this scenario?

I'm unsure what your goal is. If your goal is to connect laptops and
phones to your remote network and currently your problem is they are
all behind NAT on conflicting/overlapping RFC1918 space, the solution
is to give those devices an IP from your pool, using either IKEv2 CP
or IKEv1 XAUTH.

https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_Certificates
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_PSK

If you are trying to connect subnets which use overlapping RFC1918
ranges together, you have a much harder task. An IP can really only
live in 1 place, and you'd have to do a lot of NAT+IPsec to tweak
it, and you'd end up using hardcoded IPs or weird modified DNS. You
might need something like:

https://libreswan.org/wiki/Subnet_to_subnet_using_NAT

Paul
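
Added example, not part of the message above and not libreswan code: a Python sketch of the addressing idea behind the subnet-to-subnet NAT case, where each clashing remote LAN is given a unique alias subnet so that a 192.168.0.100 at one site and a 192.168.0.100 at another get distinct hardcoded addresses. The site names, the 10.200.0.0/16 alias block and the 1:1 prefix mapping are assumptions made for illustration; IPv4 only.

```python
import ipaddress

# Constructed sample data: two remote LANs clash, a third does not.
SITES = {"site-a": "192.168.0.0/24", "site-b": "192.168.0.0/24",
         "site-c": "192.168.1.0/24"}
ALIAS_BLOCK = "10.200.0.0/16"  # assumed unused everywhere; pick your own

def detect_clashes(sites):
    """Return pairs of site names whose real LAN subnets overlap."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in sites.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def build_alias_plan(sites, alias_block):
    """Give every site a unique alias subnet the same size as its real LAN."""
    block = ipaddress.ip_network(alias_block)
    real = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    plan, cursor = {}, int(block.network_address)
    # Largest LANs first, so each alias starts on a boundary of its own size.
    for name, net in sorted(real.items(), key=lambda kv: kv[1].prefixlen):
        size = net.num_addresses
        cursor = (cursor + size - 1) // size * size
        alias = ipaddress.ip_network((cursor, net.prefixlen))
        if not alias.subnet_of(block):
            raise ValueError("alias block too small for all sites")
        if any(alias.overlaps(r) for r in real.values()):
            raise ValueError(f"{alias} collides with a real remote LAN")
        plan[name] = (net, alias)
        cursor += size
    return plan

def translate(plan, site, real_ip):
    """Map a host's real address at one site to its unique alias address."""
    net, alias = plan[site]
    ip = ipaddress.ip_address(real_ip)
    if ip not in net:
        raise ValueError(f"{ip} is not inside {site}'s LAN {net}")
    # 1:1 mapping: keep the host offset, swap the network prefix.
    return alias[int(ip) - int(net.network_address)]

if __name__ == "__main__":
    print("clashing sites:", detect_clashes(SITES))
    plan = build_alias_plan(SITES, ALIAS_BLOCK)
    for site in SITES:
        net, alias = plan[site]
        print(f"{site}: real {net} -> alias {alias}")
    for site in ("site-a", "site-b"):
        print(site, "192.168.0.100 ->", translate(plan, site, "192.168.0.100"))
```

The alias addresses are what the local side would use to reach each remote host; the NAT and IPsec configuration that enforces the mapping is covered by the wiki page linked above.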

